Key areas where organisations are failing to protect employees online
Many businesses don’t realise that the smallest and often unknown security gap can provide an easy pathway for malicious actors to breach employee and organisational data. There are four key areas where Australian organisations are currently failing to protect employees online:
1. Education and Engagement
Organisations of all sizes are targets for cybercriminals, with risks spanning across phishing attacks, malware and ransomware attacks, as well as insider threats. This is often because employees are either unaware of cyberthreats, don’t understand how to respond when a threat occurs, or are uninterested in cybersecurity as they believe it won’t happen to them.
In the current volatile market, understandably, most businesses are focused on economic recovery and building market resilience. However, business resilience depends on educating and engaging employees in cybersecurity. Employees are an organisation’s first line of defence and greatest weakness when it comes to cybersecurity, yet many organisations are still failing to educate and engage their employees about cyberthreats.
2. Endpoint Security and Network Protection
Many organisations focus business investment on potential growth areas, while leaving critical business systems such as legacy security software as an afterthought.
Unfortunately, businesses with outdated endpoint security or network protection are highly exposed when it comes to cyberthreats. Using outdated security tools makes companies just as vulnerable to a successful cyberattack as organisations that don’t have any cybersecurity protection. A small investment in endpoint security and network protection can protect the business from significant financial, operational, and reputational risk.
3. Application Security and Data Protection
The move to remote work meant organisations needed to quickly adapt with new methods of file sharing among customers, suppliers, and employees. This has increased reliance on email and personal file-sharing applications. While this helped businesses to cope with the short-term disruption, in the longer term, organisations without a secure file-sharing platform are at greater risk of ransomware and malware attacks, as well as confidential business and employee data falling into the wrong hands.
4. People and Identity
Despite the risks, many organisations continue to figuratively leave their front door unlocked to criminals when it comes to online authentication. In a recent survey, more than 40 per cent of companies were breached via a weak password, with 48 per cent of workers using the same passwords for both their personal and work accounts. This may be why compromised passwords are responsible for 81 per cent of hacking-related breaches.1 Without secure authentication processes, such as multifactor authentication and identity-based security, businesses are risking their valuable data and employees’ online safety.